Merely half of the companies in the German information economy (consisting of the ICT sector as well as media and knowledge-intensive service providers) have so far dealt with the need to adapt to the new General Data Protection Regulation (GDPR), which will become binding for all businesses and government bodies operating in the EU in May 2018. Due to its high service intensity, the German information economy is likely to be particularly affected by the GDPR, and is thus increasingly coming under pressure to adapt to this new EU regulation. This is the result of a representative survey among approximately 700 companies in the German information economy with five or more employees, conducted by the Centre for European Economic Research (ZEW), Mannheim, in December 2017.

Only about half of the companies in the German information economy have dealt with the new EU General Data Protection Regulation so far.
Only about half of the companies in the German information economy have dealt with the new EU General Data Protection Regulation so far.

While 47.5 per cent of the businesses in the information economy have already dealt with the new EU GDPR, 12.5 per cent claimed to have never heard about this regulation; 40 per cent of the companies stated that they have in fact heard about the new rules, but have not yet dealt with them. The GDPR aims to protect personal data within the European Union and safeguard free data movement within the EU Single Market.

The study also revealed sector-specific results: while most ICT service providers (62.3 per cent) have already dealt with the regulations, the majority of knowledge-intensive service providers (55.9 per cent), such as law, tax and business consultancies, architectural and engineering offices, the advertising industry and market research companies, are not yet familiar or have not yet dealt with the GDPR.

Businesses expect new regulations to result in additional costs

In December 2017, only about five per cent of the surveyed businesses had already implemented all measures required by the GDPR, while around 25 per cent had at least implemented some of the measures set out the new EU regulation. As many as about 70 per cent, however, have either not yet (42.9 per cent) or only just begun (25.6 per cent) to put the required measures into practice.

“It is therefore all the more surprising that many companies have great confidence that they are still able to implement the requirements of the GDPR by the time the new EU regulation enters into force,” says Dr. Jörg Ohnemus, deputy head of the ZEW Research Department “Digital Economy”. According to the researchers, almost 70 per cent of the companies in the information economy expect that by May 2018, they will have fully (36.7) or partly (31.2) implemented the provisions set out in the new data protection regulation.

Furthermore, companies in the German information economy believe that the introduction of a Europe-wide data protection framework will involve great organisational and HR costs. “More than half of the companies expect the enforcement of the regulation to result in additional costs for employee training schemes on the one hand, and a higher workload on the other hand,” explains Jörg Ohnemus. Only a small minority of the surveyed companies expect the GDPR to have a positive effect on the competitiveness of EU companies on international markets (10.1 per cent), or on the companies’ business development (5.0 per cent).

For further information please contact:

Dr. Jörg Ohnemus, Phone +49 (0)621/1235-354, E-Mail joerg.ohnemus@zew.de

Contact

PR Officer

Phone: +49 (0)621 1235-103

Fax: +49 (0)621 1235-255

felix.kretz@zew.de

Back to press overview